Client-Side Template Injection (CSTI) TL;DR: AngularJS / Vue / Mustache sinks evaluating attacker template expressions in the browser → DOM XSS without injecting Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References https://portswigger.net/research/xss-without-html-client-side-template-injection-with-angularjs